Alpha

PSA Certified
Crypto Driver Interface 1.0

Document number:	111106
Release Quality:	Alpha
Issue Number:	1
Confidentiality:	Non-confidential
Date of Issue:	30/09/2025

ALPHA

This specification is work in progress and should be considered to be in at Alpha quality.

See Current status and anticipated changes for details.

Abstract

This document describes an interface for cryptoprocessor drivers within an implementation of the PSA Certified Crypto API. This interface complements PSA Certified Crypto API [PSA-CRYPT], which describes the interface between a Crypto API implementation and an application.

Contents

• About this document
  • Release information
  • License
  • References
  • Potential for change
  • Current status and anticipated changes
  • Feedback

• 1 Introduction
  • 1.1 Purpose of the driver interface
  • 1.2 Types of drivers
  • 1.3 Requirements
• 2 Overview of drivers
  • 2.1 Deliverables for a driver
  • 2.2 Driver description list
• 3 Driver description
  • 3.1 Driver description syntax
  • 3.2 Driver description top-level element
  • 3.3 Driver description capability
    • 3.3.1 Capability syntax
    • 3.3.2 Capability semantics
    • 3.3.3 Capability examples
  • 3.4 Algorithm and key specifications
    • 3.4.1 Algorithm specifications
    • 3.4.2 Key type specifications
• 4 Driver entry points
  • 4.1 Overview of driver entry points
    • 4.1.1 General considerations on driver entry point parameters
  • 4.2 Driver entry points for single-part cryptographic operations
  • 4.3 Driver entry points for multi-part operations
    • 4.3.1 General considerations on multi-part operations
    • 4.3.2 Multi-part operation entry point family "hash_multipart"
    • 4.3.3 Operation family "mac_multipart"
    • 4.3.4 Operation family "mac_verify_multipart"
    • 4.3.5 Operation family "cipher_encrypt_multipart"
    • 4.3.6 Operation family "cipher_decrypt_multipart"
    • 4.3.7 Operation family "aead_encrypt_multipart"
    • 4.3.8 Operation family "aead_decrypt_multipart"
  • 4.4 Driver entry points for key derivation
    • 4.4.1 Key derivation driver dispatch logic
    • 4.4.2 Summary of entry points for the operation family "key_derivation"
    • 4.4.3 Key derivation driver initial inputs
    • 4.4.4 Key derivation driver setup
    • 4.4.5 Key derivation driver long inputs
    • 4.4.6 Key derivation driver operation capacity
    • 4.4.7 Key derivation driver outputs
    • 4.4.8 Transparent cooked key derivation
    • 4.4.9 Key agreement
  • 4.5 Driver entry points for PAKE
    • 4.5.1 PAKE driver dispatch logic
    • 4.5.2 Summary of entry points for PAKE
    • 4.5.3 PAKE driver inputs
    • 4.5.4 PAKE driver setup
    • 4.5.5 PAKE driver output
    • 4.5.6 PAKE driver input
    • 4.5.7 PAKE driver get implicit key
  • 4.6 Driver entry points for key management
    • 4.6.1 Key size determination on import
    • 4.6.2 Key validation
  • 4.7 Entropy collection entry point
    • 4.7.1 Entropy collection flags
    • 4.7.2 Entropy collection and blocking
  • 4.8 Miscellaneous driver entry points
    • 4.8.1 Driver initialization
  • 4.9 Combining multiple drivers
• 5 Transparent drivers
  • 5.1 Key format for transparent drivers
  • 5.2 Key management with transparent drivers
    • 5.2.1 Key import with transparent drivers
  • 5.3 Random generation entry points
    • 5.3.1 Random generator initialization
    • 5.3.2 Entropy injection
    • 5.3.3 Combining entropy sources with a random generation driver
    • 5.3.4 Random generator drivers without entropy injection
    • 5.3.5 The "get_random" entry point
  • 5.4 Fallback
• 6 Opaque drivers
  • 6.1 Key format for opaque drivers
    • 6.1.1 Size of a dynamically allocated key context
    • 6.1.2 Size of a statically allocated key context
    • 6.1.3 Key context size for a secure element with storage
    • 6.1.4 Key context size for a secure element without storage
  • 6.2 Key management with opaque drivers
    • 6.2.1 Key creation in a secure element without storage
    • 6.2.2 Key management in a secure element with storage
    • 6.2.3 Key creation entry points in opaque drivers
    • 6.2.4 Key export entry points in opaque drivers
  • 6.3 Opaque driver persistent state
    • 6.3.1 Built-in keys
• 7 Using drivers from an application
  • 7.1 Using transparent drivers
  • 7.2 Using opaque drivers
    • 7.2.1 Lifetimes and locations
    • 7.2.2 Creating a key in a secure element

• A Open questions
  • A.1 Value representation
    • A.1.1 Integers
  • A.2 Driver declarations
    • A.2.1 Declaring driver entry points
    • A.2.2 Driver location values
    • A.2.3 Multiple transparent drivers
  • A.3 Driver function interfaces
    • A.3.1 Driver function parameter conventions
    • A.3.2 Key derivation inputs and buffer ownership
  • A.4 Partial computations in drivers
    • A.4.1 Substitution points
  • A.5 Key management
    • A.5.1 Mixing drivers in key derivation
    • A.5.2 Public key calculation
    • A.5.3 Symmetric key validation with transparent drivers
    • A.5.4 Support for custom import formats
  • A.6 Opaque drivers
    • A.6.1 Opaque driver persistent state
    • A.6.2 Open questions around cooked key derivation
    • A.6.3 Fallback for key derivation in opaque drivers
  • A.7 Randomness
    • A.7.1 Input to "add_entropy"
    • A.7.2 Flags for "get_entropy"
    • A.7.3 Random generator instantiations
• B Changes to the API
  • B.1 Document change history